CMSmap is a simple Python open source CMS scanner that automates the process of detecting security flaws of the most popular CMSs. The main purpose of CMSmap is to integrate common vulnerabilities for different types of CMSs in a single tool. At the moment of writing, CMSmap supports WordPress, Joomla and Drupal. This tool saves […]
Dionach Admin
ISO 27001:2013 Transition
A new version of the standard, ISO 27001:2013, was published on the 25th of September 2013. The new version replaces the older version, ISO 27001:2005. There will be a transition period for organisations to align their ISMS with the new standard and become certified against ISO 27001:2013. The new standard looks different from its predecessor, […]
MySQL Regex Conditional Errors and SQL Injection
Until a few days ago, I did not know any way of causing MySQL to throw an error based on a condition in a query. There is no documented way of doing this, but sometimes when trying to exploit a non-trivial SQL injection, you face situations where you do need to be able to force […]
Headers Analyzer Burp Extension
When you are doing a penetration test, there are certain tasks that you have to repeat over and over every single test you do. One of these tasks for a web application penetration test is checking the headers that the web server sends back to the user. These headers may contain interesting information that help […]
Easily Remove Unwanted HTTP Headers in IIS 7.0 to 8.5
The StripHeaders module is a Native-Code module for IIS 7.0 and above, designed to easily remove unnecessary response headers and prevent information leakage of software and version information, which can be useful to an attacker. See the installation section for information regarding deploying StripHeaders within your organisation. See the configuration section for information regarding removing […]
Reproducing an Umbraco Remote Code Execution Vulnerability
During a recent penetration test I came across a website running Umbraco CMS (https://umbraco.com/). Umbraco is an open source content management system for publishing content on the World Wide Web and intranets. It is written in C# and deployed on Microsoft based
Verifying PCI DSS Scope: Hunting for Credit Card Numbers
PCI DSS requires that the scope of assessment must be checked to make sure the scope is accurate. This check must also be carried out every year. Even if the documented scope means that no cardholder data is stored, there still may be some cardholder details that have been inadvertently left in documents. These credit […]
Physical Intrusion Social Engineering
Social engineering is a service that my team and I get involved in on a fairly frequent basis. While for the most part this involves remotely trying to convince targets to click on links in emails, browse to fake login pages, download carefully constructed files which lead to
PowerShell in Forensic Investigations
This is meant to be a short post about PowerShell as an aid in forensic investigations. We will not dive into what a proper forensic investigation looks like, we will just assume that somehow we have access to the compromised machine (a Windows Server 2012 R2 VM was used for our tests) -or a copy of it
Cross-Site Scripting through Flash Objects
Despite waning support for ActionScript on mobile platforms, the inclusion of ActionScript animations in web applications is common. Typically these animations are in the form of embedded SWF files, either through directly serving this content, or through an intermediate application which loads the SWF files from a protected area of the web server. The following […]